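# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# NixOS module for the Raspberry Pi 4 host "pianonix": XFCE desktop with
# autologin, x11vnc, SSH, WireGuard (wg-quick), syncthing and the piano LED
# visualizer, plus udev rules for SPI/GPIO access by non-root users.
{
  lib,
  inputs,
  config,
  pkgs,
  ...
}: {
  imports = [
    inputs.nixos-hardware.nixosModules.raspberry-pi-4
    ./hardware-configuration.nix

    ../common/global
    ../common/users/julian
    ../common/optional/binarycaches.nix
    ../common/optional/pipewire.nix
    ../common/optional/remote-builder.nix
    ../common/optional/pcmanfm.nix
    ../common/optional/redshift.nix
    ../common/optional/authentication.nix
    ../common/optional/avahi.nix
  ];

  # System-wide Python interpreter with the listed packages available.
  environment.systemPackages = [
    (pkgs.python3.withPackages (p:
      with p; [
        numpy
        pillow
        flask
        rpi-gpio
        webcolors
        psutil
        mido
        rtmidi-python
        spidev
        waitress
        websockets
        werkzeug
        pkgs.frajul.rpi-ws281x-python
      ]))
  ];

  # disko.devices.disk.main.device = "/dev/mmcblk1";

  # enabled by fish, disabling speeds up builds
  documentation.man.generateCaches = false;

  # networking.enableIPv6 = false; # This only leads to issues with avahi
  # services.avahi.ipv6 = false;

  hardware.raspberry-pi."4".bluetooth.enable = true;
  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = true;
  services.blueman.enable = true; # bluetooth gui
  # raspberry pi specific
  # systemd.services.btattach = {
  #   before = [ "bluetooth.service" ];
  #   after = [ "dev-ttyAMA0.device" ];
  #   wantedBy = [ "multi-user.target" ];
  #   serviceConfig = {
  #     ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
  #   };
  # };

  # networking.wireless.enable = true;
  # networking.wireless.secretsFile = config.sops.secrets."wifi/pianonix".path;
  # networking.wireless.networks = {
  #   "SMARTments".pskRaw = "ext:PSK";
  # };
  # networking.networkmanager.enable = lib.mkForce false;

  services.gnome.at-spi2-core.enable = true; # for onboard

  networking.hostName = "pianonix";
  system.stateVersion = "22.11";

  # Secrets are decrypted by sops-nix at activation; only the resulting
  # file paths are referenced below, so no secret value lands in the Nix store.
  # The VNC password file is owned by julian because x11vnc runs as that user.
  sops.secrets."vnc-passwd" = {
    owner = config.users.users.julian.name;
    sopsFile = ./secrets-vnc-passwd.bin;
    format = "binary";
  };
  sops.secrets."wifi/pianonix" = {};
  sops.secrets."syncthing/pianonix/key" = {};
  sops.secrets."syncthing/pianonix/cert" = {};
  # sops.secrets."syncthing/public-keys/aspi-nix" = { };
  # sops.secrets."syncthing/public-keys/pianonix" = { };
  sops.secrets."wg-config" = {
    sopsFile = ./secrets-wg-config.bin;
    format = "binary";
  };

  networking.wg-quick.interfaces = {
    home = {
      configFile = config.sops.secrets."wg-config".path;
      autostart = true; # This interface is started on boot
    };
  };

  modules = {
    syncthing = {
      enable = true;
      overrideSettings = true;
    };
  };

  # Enable the Desktop Environment.
  # services.xserver.displayManager.lightdm.enable = true;
  services.displayManager.defaultSession = "xfce";
  # NOTE(review): autologin plus the disabled screensaver/xautolock further
  # down means the session on DISPLAY=:0 is always unlocked, so anyone who
  # gets past the VNC password has julian's desktop without a second prompt.
  services.displayManager.autoLogin = {
    enable = true;
    user = "julian";
  };

  # NOTE(review): x11vnc listens on TCP 5900 on every interface here, and the
  # firewall is disabled below. Classic -rfbauth gives password-only
  # authentication and no transport encryption. Consider adding -localhost
  # and reaching it through an SSH port-forward, or binding it to the
  # WireGuard address with -listen, so RFB is never exposed on the LAN/Wi-Fi.
  systemd.services.x11vnc = {
    description = "Run x11vnc server";
    after = ["display-manager.service"];
    wantedBy = ["multi-user.target"];
    serviceConfig = {
      ExecStart = "${pkgs.x11vnc}/bin/x11vnc -rfbauth ${config.sops.secrets."vnc-passwd".path} -forever -loop -noxdamage -repeat -rfbport 5900 -shared";
      User = config.users.users.julian.name;
      Restart = "on-failure";
      Environment = "DISPLAY=:0";
    };
  };

  boot.loader.timeout = lib.mkForce 1; # Set boot loader timeout to 1s

  # De-facto disable network manager, which is enabled by gnome
  # networking.networkmanager.unmanaged = [ "*" ];

  services.xserver.enable = true;
  services.xserver.desktopManager = {
    xfce = {
      enable = true;
    };
  };
  services.xserver.displayManager.sessionCommands = ''
    # Prevent screen from going blank or turning off (values in min)
    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -s 0
    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -s 0
    ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -s 0
  '';
  services.xserver.xautolock.enable = false;
  services.xserver.desktopManager.xfce.enableScreensaver = false;
  # xdg.portal.lxqt.enable = true;

  services.openssh = {
    enable = true;
    # require public key authentication for better security
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
    # Key-only root login. With password and keyboard-interactive auth
    # already off this admits exactly the same logins as "yes", but root
    # password login stays refused even if PasswordAuthentication is
    # re-enabled by another module or a later edit.
    settings.PermitRootLogin = "prohibit-password";
  };
  users.users."root".openssh.authorizedKeys.keys = [
    "ssh-rsa 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 julian@julian-aspi"
  ];

  # Device identity (key/cert) comes from sops; the device IDs below are
  # public identifiers, not secrets.
  services.syncthing.key = config.sops.secrets."syncthing/pianonix/key".path;
  services.syncthing.cert = config.sops.secrets."syncthing/pianonix/cert".path;
  services.syncthing.settings = {
    devices = {
      "aspi-nix" = {
        id = "DM5QRYU-ILJ4XYB-4V6NZDG-RAMVOND-3RSDSYR-52TW6RW-3XIU333-T7FNAA3";
      };
      "pianonix" = {
        id = "FD3XSFW-7LQSCIQ-KHZPLNQ-7VZYGKH-RJ2ZKTJ-BG67NRH-36TQIZM-CXDYWAH";
      };
    };
    folders = {
      "Klavier" = {
        path = "/home/julian/Klavier";
        id = "flc3m-q4gp2";
        devices = ["aspi-nix" "pianonix"];
      };
    };
  };

  # NOTE(review): with enable = false the allowedTCPPorts list below is
  # inert: nothing is filtered, so SSH, VNC, syncthing, avahi and whatever
  # the LED visualizer serves are all reachable on every interface.
  # Before turning the firewall on, list the ports each of those services
  # needs (presumably syncthing and the visualizer web UI need explicit
  # entries; verify against their modules) so enabling it does not cut
  # them off.
  networking.firewall.enable = false;
  networking.firewall.allowedTCPPorts = [
    5900 # for vnc
  ];

  # Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI!
  # If no user is logged in, the machine will power down after 20 minutes.
  systemd.targets.sleep.enable = false;
  systemd.targets.suspend.enable = false;
  systemd.targets.hibernate.enable = false;
  systemd.targets.hybrid-sleep.enable = false;

  ## Raspberry pi specific config
  # hardware.raspberry-pi."4" = {
  #   fkms-3d.enable = true;
  #   touch-ft5406.enable = true;
  # };

  # Prevent host becoming unreachable on wifi after some time (for raspberry pi)
  networking.networkmanager.wifi.powersave = false;

  # Enable audio devices on raspberry pi
  # boot.kernelParams = [
  #   "snd_bcm2835.enable_hdmi=1"
  #   "snd_bcm2835.enable_headphones=1"
  # ];
  # boot.loader.raspberryPi.firmwareConfig = ''
  #   dtparam=audio=on
  # '';

  ## Enable SPI
  hardware.raspberry-pi."4".apply-overlays-dtmerge.enable = true;
  hardware.deviceTree = {
    enable = true;
    filter = lib.mkForce "*-rpi-4*.dtb";
    overlays = [
      {
        name = "spi";
        dtboFile = ./spi0-0cs.dtbo;
      }
    ];
  };
  users.groups.spi = {};

  # services.udev.extraRules = ''
  #   SUBSYSTEM=="spidev", KERNEL=="spidev0.0", GROUP="spi", MODE="0660"
  # '';

  ## Use GPIO as non-root
  # Create gpio group
  users.groups.gpio = {};

  # Change permissions gpio devices
  # Device nodes get group ownership with mode 0660 (no world access); the
  # sysfs export/unexport files are write-only for root and the gpio group.
  services.udev.extraRules = ''
    SUBSYSTEM=="spidev", KERNEL=="spidev0.0", GROUP="spi", MODE="0660"
    SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
    SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
    SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
  '';

  # Add user to group
  # NOTE(review): julian is added to gpio only; the spi group created above
  # has no members in this file. Confirm which user the LED visualizer runs
  # as before relying on the spidev rule.
  users.users.julian.extraGroups = ["gpio"];

  ## My own Piano LED Visualizer
  services.piano-led-visualizer.enable = true;

  ## Crude fix for avahi
  systemd.timers.avahiRestart = {
    description = "Restart avahi-daemon every 5 minutes";
    wantedBy = ["timers.target"];
    timerConfig = {
      OnBootSec = "5min";
      OnUnitActiveSec = "5min";
      Unit = "avahiRestart.service";
    };
  };

  systemd.services.avahiRestart = {
    description = "Restart avahi-daemon service";
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${pkgs.systemd}/bin/systemctl restart avahi-daemon.service";
    };
  };
}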